How Public Sector Agencies Can Operationalize CISA’s SIEM and SOAR Guidance

Posted on by
Reply

In May 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Australian Cyber Security Centre (ACSC), released new executive guidance to help Public Sector leaders effectively leverage Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. This guidance aims to strengthen agencies’ cybersecurity by enhancing threat detection, response times and operational efficiencies.

Key Challenges in SIEM and SOAR Implementation

SIEM platforms aggregate and analyze telemetry data from multiple sources, including: endpoints, applications, network devices and cloud environments.

SOAR platforms complement SIEM by automating security workflows, significantly speeding up incident response and reducing alert fatigue. When effectively integrated, these tools enable agencies to centralize security monitoring, automate routine response tasks and improve compliance with cybersecurity mandates.

For all organizations, especially Public Sector organizations, SIEM and SOAR are not just technical tools; they are foundational to building a proactive and time-sensitive cybersecurity posture. These platforms can help agencies increase operational efficiency, reduce alert fatigue and drive compliance with Federal and State cybersecurity mandates.

CISA guidance highlights several common challenges that agencies often encounter when implementing SIEM and SOAR platforms. These include the difficulty of normalizing diverse log data across multiple systems, minimizing false positives that overwhelm analysts and managing the high costs associated with implementation. Agencies also struggle to ensure effective executive oversight of security operations and face ongoing challenges in attracting and retaining qualified cybersecurity talent.

Addressing Challenges with Torq Hyperautomation

Torq Hyperautomation™ directly addresses the implementation challenges faced by Public Sector cybersecurity teams by delivering strategic advantages that legacy SOAR platforms cannot. Unlike traditional solutions, Torq integrates seamlessly with existing SIEM tools to normalize and enrich log data, reduce alert noise and improve the clarity of actionable insights. It leverages AI-driven decision-making to automate dynamic incident response workflows, allowing security teams to respond faster and more precisely.

By combining AI-powered decision logic with adaptive response runbooks, Torq enables organizations to overcome the limitations of legacy SOAR, dramatically improving Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). This empowers analysts to focus on critical, high-impact threats rather than getting bogged down by repetitive, routine tasks.

Cost-Effective Automation for Resource-Constrained Agencies

Public Sector agencies struggle with resource constraints, and Torq also delivers cost-effective automation. Instead of requiring deep engineering expertise or lengthy integration cycles, Torq offers:

  • Intuitive, no-code and low-code automation capabilities
  • Seamless integrations with existing Federal, State and Local cybersecurity toolsets (endpoint, identity, cloud, firewall)
  • Rapid implementation timelines, ensuring immediate value and reduced costs

Enhanced Executive Visibility and Compliance

From an executive perspective, Torq addresses a crucial component of the CISA guidance: visibility and oversight. Executive dashboards within the platform provide real-time insights into SOC effectiveness, incident trends and automation impact. This visibility enables better budgeting decisions, more effective KPIs and compliance reporting aligned with key security and compliance frameworks.

Real-World Impact

Torq is already delivering substantial results within Public Sector environments.  Torq has enabled SOC teams to automate ransomware response, consolidate multi-environment telemetry and auto-generate compliance artifacts. Whether an agency is modernizing its cybersecurity stack, preparing for audits or trying to do more with fewer analysts, Torq is built to support their journey.

Agencies leveraging Torq have achieved the following:

  • Up to 90% reduction in investigation time
  • 3-5x increase in alert handling capacity with no added headcount
  • 95% of Tier-1 security cases auto-remediated

Taking the Next Step

CISA’s SIEM and SOAR guidance represents a critical shift from reactive cybersecurity practices toward proactive, integrated and automated security operations. As a trusted partner of Carahsoft, Torq is uniquely positioned to help Public Sector agencies rapidly operationalize this guidance. Torq’s scalable, secure and measurable automation platform ensures agencies not only comply with evolving standards but also stay ahead of modern threats.

To learn how Torq can empower your agency’s cybersecurity strategy, request a demo or explore a tailored pilot use case today.

Federation Needs a Backbone

Posted on by
Reply

Identity Security has become the engine behind seamless access. It connects users from different domains, agencies or organizations and lets them move between systems with a single set of credentials. That’s powerful—but it’s also risky when left ungoverned.

Let’s get one thing straight: federation is about access. It answers the question, “Can this person log in?” But it stops short of answering what really matters: “Should they still have access?” “To what?” “For how long?” That’s where governance steps in—and why it must be the foundation under every federated architecture.

The Upside of Federation

Federation simplifies identity. It creates a trust bridge between Identity Providers (IdPs) and Service Providers (SPs). Users authenticate once—via their home IdP like Azure AD or Okta—and access multiple applications without managing new credentials for each.

Benefits include:

  • Single Sign-On (SSO) across domains
  • Centralized control of user authentication
  • Protocol interoperability via standards like SAML, OIDC and WS-Fed

And federation hubs—broker trust between many IdPs and SPs—make it scalable. Instead of dozens of custom integrations, each system plugs into the hub. Clean, efficient and fast. But fast access can become fast failure if you don’t govern it!

Access Governance: The Difference Between Access and Control

Federation gets someone in the door. Governance makes sure they belong there—and ensures they leave when they’re supposed to.

Identity Governance manages the full identity lifecycle: onboarding, role changes, access reviews and deprovisioning. It enforces least privilege, flags risky combinations of access (SoD conflicts) and supports audits and compliance frameworks like NIST, SOX or RMF.

Federation can tell you who authenticated. Governance can tell you:

  • Whether that person should have access
  • What access they have across systems
  • Whether that access aligns with policy
  • How that access changes over time

Together, federation and governance form a complete identity security model. Separately, one is fast—and one is safe.

What Happens Without Governance?

An ungoverned federation hub is a highway with no speed limits, no offramps and no cameras. You’re enabling access at scale without oversight.

Here are the risks:

  • Overprovisioned access – Federation alone doesn’t enforce least privilege.
  • Access creep – Users retain access after job changes or departures.
  • Orphaned accounts – No lifecycle hooks to clean up stale identities.
  • Lack of visibility – No way to see what users can do after logging in.
  • No audit trail – Makes compliance reporting a nightmare.
  • Increased insider threat – Privileged access can persist unchecked.
  • Policy misalignment – SAML or OIDC assertions may carry outdated or unverified attributes.

These risks aren’t theoretical. In Federal and defense sectors, unmanaged federation could mean exposing sensitive systems to users who are no longer cleared, or who’ve quietly shifted roles without access being reviewed.

Governance in Action: SailPoint’s Role

SailPoint is not a federation provider. It’s a governance platform that sits on top of your federation layer, giving you full control over identity lifecycles, policies and risk.

SailPoint integrates with both upstream IdPs and downstream apps accessed via the federation hub. It handles:

  • Identity aggregation and normalization
  • Automated provisioning/deprovisioning
  • Policy enforcement (least privilege, SoD, etc.)
  • Access reviews and certifications
  • Risk scoring and contextual enforcement
  • Audit trails and compliance reporting

This governance layer makes sure your federated access is secure, justified and auditable. It aligns your identity strategy with Zero Trust principles—not just who gets in, but why, how and for how long.

Why Governance Must Come First

It’s tempting to view governance as a bolt-on. Something to “get to later” once federation is up and running. That’s dangerous thinking.

Governance is not optional. It’s the foundation.

Without it, every benefit of federation can turn into a vulnerability. That seamless access? Now it’s frictionless exposure. That fast onboarding? Now it’s risky overreach. And every shortcut you take early on becomes technical debt—if not a breach—down the road.

Real-World Example: Federation in Federal Environments

Take the U.S. Department of Defense. Their Enterprise Federation Hub allows identity brokering across agencies, contractors and civilian orgs. It’s fast and powerful—but governance is what makes it secure.

SailPoint is used alongside this hub to:

  • Enforce ABAC using enriched attributes
  • Automate provisioning to systems like ServiceNow and SAP
  • Conduct quarterly access certifications
  • Supply audit logs for compliance frameworks like FIAR and RMF

Without this layer, the Federation Hub would be a sprawling access point with no brakes, no logs and no cleanup.

Bottom Line

Federation gives you the scale. Governance gives you the safety.

One gets people in. The other makes sure they belong.

If you’re building a federated identity ecosystem—whether in the enterprise or in a multi-agency Government context—start with governance. Don’t wait for audit findings or security incidents to add it later. By then, it’s already too late.

Federation needs a backbone. Governance is it.

Powering the OneGov Mission with a New GSA Offer for Slack

Posted on by
Reply

The U.S. General Services Administration (GSA) has set a bold new direction for Federal procurement with its OneGov Strategy—a transformative mission to modernize how the Government buys and uses technology. The goal is clear: act as one unified enterprise to reduce costs, improve security, enhance productivity and eliminate the fragmented, agency-by-agency purchasing of the past.


Achieving this vision requires powerful, secure and commercially available tools that can be acquired and deployed with minimal friction. Salesforce is supporting the OneGov mission by making Slack’s FedRAMP-authorized collaboration platform more accessible and affordable for every Federal agency.

Unifying Agencies to Operate as a Shared Enterprise


A core tenet of the OneGov strategy is breaking down silos to help the Government function as a single, coordinated enterprise. Slack is purpose-built for this reality. By moving communication from isolated inboxes into organized, searchable channels, Slack creates a transparent environment for collaboration. More importantly, Slack Connect extends this capability across agency lines, allowing for secure, real-time collaboration with other Government entities and external partners. This directly addresses the OneGov goal of unifying the Federal workforce, ensuring that inter-agency teams can operate with the same speed and alignment as internal ones, all within a controlled and auditable platform.

Enhancing Productivity and Accelerating AI Adoption


The OneGov initiative calls for agencies to leverage modern technology to enhance efficiency. Slack delivers on this with powerful, user-friendly features, such as:

  • Workflow Builder, which empowers teams to automate routine processes like approvals and status updates without writing a single line of code, freeing up personnel for mission-critical work.
  • Slack AI, which provides a secure pathway to accelerate artificial intelligence (AI) adoption. Agencies can instantly leverage AI to summarize complex discussions, get immediate answers from internal knowledge bases and draft communications more efficiently.

These tools provide the tangible productivity gains and advanced capabilities needed to build a smarter, more effective Government.

Reducing Costs Through Centralized, Streamlined Procurement


The Salesforce and GSA agreement for Slack is a prime example of the OneGov strategy in action. By establishing a single, Government-wide agreement with transparent, pre-negotiated pricing, we are helping the GSA eliminate duplicative contracts and leverage the full buying power of the Federal Government.


Through November 30, 2025, your agency can access this strategic offer via the GSA Schedule (Contract: 47QSWA18D008F). With no minimum quantities and pricing structured to be Government Purchase Card (GPC) friendly, this offer dramatically reduces procurement friction and empowers teams to quickly acquire the tools they need to support their mission.

This GSA promotion is more than a discount; it is an opportunity to align your agency’s collaboration strategy with the forward-thinking vision of OneGov. It’s a chance to equip your teams with a best-in-class platform that is secure, efficient and cost-effective.


Carahsoft and our partners are committed to helping you navigate this streamlined procurement process. We are ready to provide a quote, schedule a personalized demo and help you realize the full potential of Slack in achieving your agency’s modernization goals.


Ready to join the OneGov movement and transform how your agency collaborates?
Contact our Salesforce team at Carahsoft today or call us at (877) SFDC-007 to learn more and take advantage of this limited-time offer.

Executive Order on Advancing AI in Education: What Government and Education Leaders Need to Know 

Posted on by
Reply

The recent Executive Order-14277 promotes the inclusion of artificial intelligence (AI) in education and is a significant step toward preparing America’s youth for an AI-driven future. Signed on April 23, 2025, this directive establishes a comprehensive framework for integrating AI literacy and proficiency across the educational landscape.  

As schools explore the benefits of AI, Carahsoft and our partners are here to guide and support their journey. Here are the takeaways that we found most important from the recent Executive Order. 

Task Force on Artificial Intelligence Education 

At the center of this Executive Order is the establishment of a White House Task Force on Artificial Intelligence Education. This cross-agency Task Force is chaired by the Director of the Office of Science and Technology Policy, and features executives from various offices and departments, such as the Director of the National Science Foundation (NSF), the Special Advisor for AI and Crypto and the Secretaries of Agriculture, Labor and Education. The Task Force will coordinate Federal efforts to promote AI in education and implement the policy initiatives outlined in the order. 

These include: 

  • Promoting AI literacy in the workforce and education 
  • Training educators in AI usage 
  • Integrating AI into early education 
  • Creating an AI-ready workforce 

This coordinated approach underscores the Federal Government’s commitment to ensuring students develop the skills necessary to thrive in an increasingly AI-driven economy and society.  

Initiatives for Enhancing K-12 AI Education 

With this Executive Order, schools are encouraged to establish partnerships with leading AI industry organizations, academic institutions and nonprofit entities to develop online resources that will teach K-12 students foundational AI literacy and critical thinking skills. Partnerships will be awarded on a rolling basis, with resources expected to be ready for classroom use within 180 days of the first announced partnerships. 

Additionally, within 90 days of the new Executive Order, the Task Force will establish plans for the Presidential Artificial Intelligence Challenge. This challenge celebrates student and educator achievements in AI, fostering collaboration between Government, academia and industry organizations, such as Varsity Tutors, which empowers students through its AI-powered adaptive learning platform, as well as its ability to recommend personalized tutors.  

Prioritizing Teacher Training and Professional Development 

Recognizing that effective AI education depends on well-prepared educators, the Executive Order directs the Secretary of Education to prioritize AI in discretionary grant programs for teacher training, authorized by the Elementary and secondary Act of 1965. This includes professional development focused on: 

  • Reducing time-intensive administrative tasks 
  • Improving teacher training and evaluation 
  • Integrating AI fundamentals across all subject areas 
  • Providing specialized training in computer science 

AI can reduce the burden on teachers by aiding with management. Platforms such as Degree Analytics and Education Analytics both utilize AI and machine learning to analyze student communications and engagement and provide reports to improve student performance and retention. Gaggle can help by alerting educators and parents of potential safety concerns with social media posts and other student communications, aiding educators in managing students. 
 

Additionally, the NSF is directed to prioritize research on AI in education and create teacher training opportunities that help educators effectively integrate AI-based tools in classrooms. There are a wide variety of AI-based tools for educators to choose from. Nuventive, for example, offers performance improvement platforms with AI-powered analytics for strategic planning in education. YuJa integrates AI for video captioning, analytics and engagement tools, and Turnitin helps educators detect plagiarism and writing patterns. PowerNotes, Docebo and Instructure (a Canvas platform) all feature organizational and learning enhancements for students. Docebo and Instructure (a Canvas platform) all feature organizational and learning enhancements for students. 

The Executive Order extends beyond K-12 education to address workforce development through AI-related Registered Apprenticeships. The Secretary of Labor is directed to increase participation in these programs by establishing specific growth goals with existing discretionary funds in order to support the creation of nationwide program standards. 

Building an AI-Ready Workforce Through Apprenticeships 

States and grantees are also encouraged to use Workforce Innovation and Opportunity Act (WIOA) funding to support AI-based learning opportunities. This component of the Executive Order creates significant potential for collaboration between education institutions, Government agencies and industry partners to develop comprehensive AI workforce development pathways. Some industry partners who have already begun integrating AI for workforce development initiatives are Education Technology, Services and Research (EAB), which uses AI to support student success, and YouScience, which maximizes student success by using AI to analyze a student’s interest and aptitudes and match them with academic pathways.   

The Path Forward 

Educational institutions and Government agencies seeking to capitalize on the opportunities laid out in Executive Order “Advancing Artificial Intelligence Education for American Youth” should begin planning now. Industry tie-ins can enhance education and learning, such as Udemy, which offers content recommendations and delivers AI course content, Invoke Learning, Inc., which leverages AI and data science to improve student outcomes and institution decision-making and Impero Software, which offers AI monitoring features for safeguarding and classroom management. Industry aid can go beyond K-12 education, too. Element451, for example, promotes student engagement and enrollment management in higher education.  

Carahsoft and our ecosystem of technology partners are ready to support this national effort to prepare America’s youth for an AI-driven future. Through our extensive contract vehicles and specialized AI solutions designed for educational environments, we provide the tools and expertise needed to implement the vision outlined in this landmark Executive Order. 

To learn how Carahsoft can help your organization implement the vision laid out in the Executive Order on Advancing AI Education, visit our comprehensive portfolio of AI solutions and discover how our trusted vendors can accelerate your institution’s AI-education initiatives today.

Identity is The Backbone of Secure, Agile DoD Missions

Posted on by
Reply

I had the opportunity to present to the DoD community at AFCEA TechNet Cyber where where stakes are high and operational tempo is relentless, embedding security into every layer of the digital environment is no longer optional. Identity governance and administration (IGA) has emerged as a cornerstone of cyber resilience, enabling secure modernization, supporting Zero Trust mandates, and accelerating mission impact.

Identity as a Strategic Force Multiplier

Modern warfare and defense readiness extend far beyond kinetic capabilities. Cyber is now a primary domain of operation, and within that domain, identity is the new perimeter. Identity security is not simply about access control; it is about governing who has access to what, when, and under what conditions—across all users, environments, and applications.

A well-implemented IGA program transforms complexity into control. It provides the visibility and automation needed to reduce risk, enforce policy, and enable agility. From onboarding mission partners to ensuring continuous compliance with audit and risk frameworks, identity governance acts as the connective tissue between policy, people, and mission success.

Governance is the Gateway to Zero Trust

The DoD’s Zero Trust Architecture (ZTA) is predicated on one central truth: never trust, always verify. At the core of this paradigm is the concept of least privilege—granting users only the access they need, nothing more.

IGA platforms like SailPoint do more than facilitate access. They enforce policy and establish what access should look like, continuously verifying access needs, and tie the identity to activity. Instead of relying on static credentials or infrequent certifications, identity governance brings continuous verification to life—ensuring users, devices, and applications are validated and flagged in the policy information point before access is granted.

This proactive stance aligns IGA with foundational guidance such as the Risk Management Framework (RMF), and the NIST SP 800-53 controls. Governance is not just a checkbox; it is operational security in action.

FIAR, Compliance, and Continuous Audit Readiness

Passing audits like FIAR (Financial Improvement and Audit Readiness) is more than a bureaucratic exercise. It’s a demonstration of operational integrity and mission readiness. Identity governance simplifies this process by embedding compliance into everyday operations.

IGA platforms automate access certifications, enforce separation of duties (SoD), and maintain immutable audit trails. Instead of scrambling for documentation during audit season, organizations can prove—at any time—that they were always in compliance. This shift from reactive to continuous audit readiness is a game-changer for large DoD organizations.

Mission Agility Through Automation

In the DoD, time is not a luxury. Missions shift quickly, mission partners rotate often, and new technologies are deployed at speed. Manual processes simply cannot keep up.

IGA enables automation across the entire identity lifecycle. From onboarding new coalition partners to deprovisioning departing contractors, governance tools streamline access requests, approvals, and revocations. This not only enhances security but also reduces administrative overhead, freeing resources for mission-critical tasks.

Moreover, by integrating with technologies like the DoD Federation Hub, identity governance extends its reach to federated and cross-domain environments—supporting secure joint and coalition operations at scale.

Real ROI: Security that Pays for Itself

The value of IGA goes beyond risk mitigation. It delivers measurable return on investment (ROI) through operational and financial gains. These include:

  • Audit cost reductions through automated evidence collection and fewer control failures
  • License savings by rationalizing unused or redundant entitlements
  • Operational efficiency through faster onboarding/offboarding and reduced manual workloads
  • Risk reduction by limiting the window of exposure for insider threats or privilege misuse

This is ROI by design—security investments that drive cost savings while advancing strategic goals.

A Maturity Model for Sustainable Progress

Identity governance is not a one-time deployment—it’s a journey. I have created a maturity model for the DoD that provides a structured path from basic CAC availability to advanced, AI-driven, risk-adaptive governance. Each step builds capabilities that align with Zero Trust pillars, from policy enforcement to real-time threat response.

As organizations mature, they can integrate IGA with other strategic technologies such as Comply-to-Connect, SASE, and XDR, multiplying both security effectiveness and mission agility.

Conclusion: Govern Everyone, Prove Every Access

To secure the mission, you must govern identity with the same rigor used to defend the network. Identity security is no longer a backend control; it is the control plane for modern defense operations.

Govern everyone. Prove every access. This is the blueprint for a Zero Trust future—one where audit readiness is continuous, access is justified, and the mission moves at the speed of trust.

Learn more about how ICAM solutions empower agencies to manage digital identities with precision.

Top 7 State and Local Contract Vehicles to Support Your SLG Fiscal Year Requirements 

Posted on by
Reply

As the end of the SLG and EDU fiscal year approaches, State and Local Governments and education institutions are ramping up purchasing to ensure every allocated budget dollar is spent and their organization is prepared for further IT advancements in the coming year. Leveraging the right contract vehicles can streamline procurement processes, ensuring timely and efficient acquisition of necessary technologies and services. These contracts can also provide technology vendors and resellers unique opportunities to expand their Public Sector businesses. 

Below, we explore the top contract vehicles that State and Local Governments (SLG) and education institutions (EDU) are using as they close out their fiscal year with their preferred reseller partner this month. 

1. NASPO ValuePoint 

NASPO ValuePoint is the cooperative purchasing arm of the National Association for State Procurement Officials, designed to provide access to the best possible IT solutions. It is considered to be the nation’s most significant public contracting cooperative. The contract offers a wide variety of cloud solutions, including IaaS, PaaS and SaaS. 

Carahsoft’s Contract: NASPO ValuePoint contract #AR2472 includes thousands of technology vendors. 

Who Can Use It: State and Local Governments, municipalities and public education entities (K-12 and Higher-Education). 

2. GSA Cooperative Purchasing Program 

The General Services Administration (GSA) Cooperative Purchasing Program  grants State and Local Government entities access to Federal GSA Schedule contracts for IT solutions and professional services. The GSA Cooperative Purchasing Program provides a streamlined procurement process for State and Local Governments to purchase IT solutions, often with pre-negotiated and cost-effective pricing structures. 

Carahsoft’s Contract:GSA Schedule #47QSWA18D008F, aggregates solutions from many technology vendors. 

Who Can Use It: State and Local Governments. 

3. Texas Department of Information Resources (TX DIR) 

The Texas Department of Information Resources (TX DIR) has established a Cooperative Contracts Purchasing Program which offers a wide range of product offerings, services and technology solutions to Public Sector customers in Texas and nationwide. The DIR contracts streamline the procurement process by handling all of the preliminary work upfront, making it easier for eligible entities to acquire a wide range of hardware, software, cloud solutions and professional IT services. Public organizations outside of Texas are also eligible to purchase through DIR contracts. 

Carahsoft Contract: Carahsoft holds seven TX DIR contracts, offering a wide variety of products and services from hundreds of technology vendors. 

Who Can Use It: State and Local Governments, public education and other public entities nationwide. 

4. California Software Licensing Program (CA SLP) 

The California Software Licensing Program (CA SLP), established in 1994 and administered by the Department of General Services’ Procurement Division provides State and Local Government entities within the state of California with access to discounted software licensing agreements. This vendor held contract expedites and simplifies the procurement process while supporting State Government modernization goals with a host of technology solutions. 

Carahsoft Contract: Carahsoft acts as a reseller on 19 CA SLP contracts, offering solutions ranging from data management to cybersecurity and more. 

Who Can Use It: State and Local Government agencies in California. 

5. E&I Cooperative Services 

E&I Cooperative Services is the largest and most experienced member-owned, non-profit purchasing cooperative focused on education. E&I provides education institutions with access to IT products and services, including learning management systems, classroom technologies and administrative software tailored to their unique needs. 

Carahsoft Contract:E&I Cooperative Services contract #EI00063-2021MA provides E&I members with cloud and managed service solutions and related IT products and services. 

Who Can Use It: Educational institutions, including K-12 schools, teaching hospitals, colleges and universities. 

6. OMNIA Partners Public Sector 

OMNIA Partners is one of the largest Public Sector cooperative purchasing organizations, providing comprehensive access to a wide variety of technology contracts across hardware, software and cloud solutions. The cooperative purchasing program is focused on efficiency, compliance and value, aiming to further streamline the procurement process for the Public Sector entities that leverage this contract. 

Carahsoft Contract:Carahsoft’s contracts with OMNIA Partners, #R240303 and #23-6692-01, provide State and Local Governments and education institutions with access to technology from over 150 vendors. 

Who Can Use It: State and Local Governments, public education institutions and nonprofits that are approved OMNIA partners. 

7. The Quilt 

The Quilt is a national coalition of advanced regional networks for research and education, providing members with access to IT services and technologies. The Quilt provides access to technologies that meet the specific needs of educational and research communities, offering high-performance computing, research networking and related IT services to hundreds of universities and thousands of other education institutions. 

Carahsoft Contract: MSA – 05012019F offers members with access to networking, cloud infrastructure, data management, cybersecurity, virtualization and enterprise technologies. 

Who Can Use It: Higher education institutions, research institutions and related organizations. 

By turning to these popular contract vehicles, State and Local Governments and education institutions can easily find and purchase technologies that map to their modernization efforts while ensuring compliance and maximizing investments through their preferred resellers. As the fiscal year draws to a close, these contracts serve as a vital resource for timely and cost-effective procurement, driving end-of-year business to new heights and propelling Public Sector advancements. 

For more information on Carahsoft’s offerings under each of these contract vehicles, please reach out to contracts@carahsoft.com. 

Ghost Students, Real Damage: How Colleges Can Fight Back Against Financial Aid Fraud

Posted on by
Reply

Higher education is facing a quiet but costly crisis: the rise of the ghost student.

“Ghost students” are not just overwhelmed freshmen who give up on attending classes. They refer to fraudulent enrollments that exploit financial aid. These individuals use fake or stolen identities to exploit the college admissions and funding process. Although they appear on class rosters, they never actually attend any classes, ultimately vanishing with thousands of dollars in public aid. This leaves a trail of deception and exposes the institution to financial loss, academic disruption and significant risk.

According to ABC News,

  • In California in 2024, community colleges reported 1.2 million fraudulent Free Application for Federal Student Aid (FAFSA) applications, resulting in 223,000 confirmed fake enrollments, and at least $11.1 million in aid lost that could not be recovered.
  • Across the country, scams are evolving: AI-driven chatbots are now enrolling in online courses, submitting assignments and collecting Federal aid checks before disappearing.

This isn’t an isolated glitch. It’s a systemic problem that’s already impacted colleges across the country. A recent Fortune investigation revealed the extent of the issue, particularly within State-funded and community colleges. 

Let’s take a closer look at what’s happening—and how schools can take action.

What Ghost Students Are Really Costing Colleges

Draining Financial Aid Funds

Ghost students are exploiting the very programs designed to make education more accessible. By submitting fake applications and filing for FAFSA, they’re securing grants and loans that should go to real students.

  • Millions of taxpayer dollars are being misappropriated.

  • Real students face delays or reductions in funding.

  • Colleges could be subject to additional Federal review related to institutional oversight.

Blocking Real Students from Classes

When ghost students enroll in courses, they take up space in classes with limited capacity.  Real students are waitlisted or forced to delay required coursework causing. 

  • Retention and graduation timelines to be negatively affected.

  • Institutions appear to have higher demand than they do, skewing planning and resourcing.

Creating Chaos for Faculty

Faculty are on the front lines but often lack the tools to act.  Professors see names on rosters that never attend class or engage online.  They waste time managing attendance and grading systems for non-existent students.  In some systems, participation verification ties directly to financial aid distribution, making instructors unwilling fraud gatekeepers.

Undermining Academic Integrity

Some ghost students now use AI tools to simulate engagement, submitting auto-generated assignments or quizzes just enough to avoid detection.  This adds new complexity to academic fraud detection systems.  It creates a misleading sense of engagement and learning outcomes.  It diminishes the credibility of online and hybrid learning models.

Eroding Institutional Trust

When ghost student scams become public, institutions face:

  • Loss of public trust from taxpayers and lawmakers.

  • Stricter audits and compliance measures from Federal and State agencies.

  • Damage to brand reputation, especially for open-access colleges already facing enrollment challenges.

Best Practices to Combat Ghost Student Fraud

The good news? Colleges and universities can take clear, effective steps to combat ghost student fraud—without disrupting the experience of legitimate applicants and learners.

1. Strengthen Identity Verification at Enrollment

  • Require secure identity checks—such as photo ID uploads, Government document validation or third-party identity verification services.

  • Consider real-time methods (e.g., liveness checks or short video interviews) for applicants flagged as high-risk.

  • Cross-reference application data with trusted third-party sources (address, SSN, IP) to verify legitimacy.

2. Monitor for Behavioral and Digital Red Flags

  • Track enrollment behaviors across systems—such as IP location, email reuse or batch submissions.

  • Use device fingerprinting and geolocation to detect patterns consistent with coordinated fraud.

  • Flag applications originating from anonymized networks (e.g., VPNs, Tor) or unusual time patterns.

3. Audit Student Engagement After Enrollment

  • Regularly review course engagement data: login frequency, assignment submissions and participation metrics.

  • Identify students who never log in, submit the same content as others, or only “check in” once to trigger aid distribution.

  • Coordinate across departments to investigate anomalies in LMS usage and academic records.

4. Empower Faculty and Staff with Reporting Tools

  • Provide professors with simple tools to flag suspicious student behavior or attendance issues.

  • Create workflows to escalate these reports to IT, compliance or enrollment services.

  • Incorporate faculty feedback into larger fraud detection strategies and data models.

5. Automate Risk-Based Escalation

  • Apply more scrutiny to applications that show unusual patterns, while keeping onboarding smooth for verified students.

  • Avoid unnecessary friction by using layered security that adapts to the level of risk.

  • Balance access and security, especially critical for open-access institutions serving vulnerable populations.

A Trusted Partner in the Fight Against Ghost Students

Addressing the issue of ghost students requires more than just technological solutions. It necessitates effective coordination among admissions, IT, financial aid and academic departments, along with the right combination of data, policies and personnel.

At HUMAN Security, we have assisted organizations across various industries in defending against sophisticated fraud campaigns, including fake account creation, credential abuse and automated bot attacks. Our team possesses extensive expertise in fraud detection, protecting student identity and behavioral intelligence, and we are prepared to assist higher education institutions in tackling these challenges as well.

We’re not here to sell a one-size-fits-all product—we’re here to have a conversation.

If you’re a university administrator, faculty member or IT leader concerned about ghost students, HUMAN can provide a free consultation to discuss:

  • Best practices for protecting your institution

  • Tailored risk assessment strategies

  • How to align fraud defenses with student equity and access

Let’s work together to protect financial aid, support faculty and create a safer learning environment for real students.

Ready to talk? Contact HUMAN to start a conversation about how your institution can detect and prevent ghost student fraud before it costs your school and your students.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including [UPDATE VENDOR(s) NAME HERE] we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

HUMAN, FBI, and Partners Take Action Against BADBOX 2.0

Posted on by
Reply

On June 5th, 2025, the Federal Bureau of Investigation issued Public Service Announcement I-060525, detailing how cybercriminals are exploiting compromised Internet-of-Things devices to expand the BADBOX 2.0 botnet and residential-proxy infrastructure.

The goal of this announcement is consumer education: if you buy one of these bargain devices, you may be handing criminals the keys to your home network. You wouldn’t help someone rob a store—are you willing to let bad actors steal bandwidth, launder traffic, and commit fraud in your name?

HUMAN is honored to have contributed intelligence to this alert alongside Google, Trend Micro, and the Shadowserver Foundation, further validating the findings our Satori Threat Intelligence & Research Team published in March 2025.

Human Embed CarasoftFBI-1

Collaboration is the decisive advantage in modern cyber defense. From the first indicators uncovered in our labs, we worked shoulder-to-shoulder with platform operators, cloud providers, and law enforcement partners, sharing data in real time and coordinating disruption actions. Google’s enforcement across Google Play Protect has already blocked malicious apps and cut off monetization avenues for the actors behind BADBOX 2.0.

I also want to extend a special thank you to The Shadowserver Foundation for sinkholing key BADBOX 2.0 command-and-control domains. As a result of their swift action, over a million infected devices now beacon to Shadowserver-managed infrastructure instead of criminal servers, stripping the threat actor of a substantial portion of its botnet. A live view of that global neutralization is available on Shadowserver’s public dashboard.

This investigation is very much ongoing. The adversaries responsible for BADBOX 2.0 have shown they will iterate quickly, shifting infrastructure and re-seeding supply chains when pressured. HUMAN researchers will continue to hunt for new variants, share indicators with the FBI and our industry peers, and deploy fresh detections across the Human Defense Platform to protect customers worldwide.

In the meantime, we urge manufacturers, retailers, and consumers to follow the mitigation guidance in the FBI PSA: purchase devices from reputable vendors, keep firmware up to date, monitor network traffic for anomalies, and avoid unofficial app stores. If you suspect a device on your network is compromised, disconnect it immediately and file a report at ic3.gov.

I want to personally thank every partner who leaned in—especially our colleagues at Google—for the openness, speed, and determination that made this collective defense possible. Together we are raising the cost of fraud and making the internet safer for everyone.

To learn more about securing your network and data against bad actors and malware strategies like BADBOX 2.0, visit HUMAN Security’s brief on human defense in the Public Sector. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Comprehensive Identity Security: 1Kosmos Achieves FedRAMP High Authorization and Kantara Certification

Posted on by
Reply

As cybersecurity demands increase across all levels of Government, 1Kosmos’s credential service provider (CSP) platform represents a shift in how agencies approach identity verification and authentication. Rather than forcing agencies into rigid, one-size-fits-all solutions, the platform offers unprecedented flexibility through its modular architecture. Organizations can deploy everything from simple document capture for in-person verification to comprehensive digital identity wallets that put end-users in complete control of their personal information.

This adaptability proves crucial for Government agencies with diverse operational requirements. Some organizations need only Identity Assurance Level 2 (IL2) workflow integration with existing identity providers like Okta or Microsoft, while others require the full spectrum of identity verification, digital wallet creation and Authenticator Assurance Level 2 (AL2) authentication capabilities. The platform’s ability to scale from basic document verification to complete identity lifecycle management ensures agencies can start with their immediate needs and expand functionality as requirements evolve.

The Power of Dual Certification

As the only CSP to achieve both FedRAMP High authorization and Kantara certification, 1Kosmos has established itself as the definitive solution for Government agencies seeking uncompromising identity security. This dual certification creates a security foundation unmatched in the identity verification space and works in concert to address both the “what” and “how” of secure digital identity management. Kantara certification, based on National Institute of Standards and Technology (NIST) 800-63-3 digital identity guidelines, validates that the platform operates according to the gold standard for identity verification processes and procedures.

FedRAMP High authorization takes security to the next level, implementing over 400 security controls based on NIST 800-53 standards. This represents the most stringent civilian agency security requirements available, with only 20 additional controls separating High from IL4 defense-level certification. The comprehensive nature of these controls means agencies receive verified, not just claimed, security hardening that has undergone rigorous third-party assessment.

This dual certification approach provides Government buyers with unprecedented assurance. While other solutions may meet basic compliance requirements, 1Kosmos offers the most verified hardening available in the market. For agencies navigating complex procurement requirements across Federal, State and Local levels, this certification combination simplifies vendor evaluation and reduces compliance risk. The FedRAMP High baseline ensures smooth flow-down compliance for State and Local implementations, eliminating the complexity of multiple security assessments.

Security and Privacy by Design

True security extends far beyond meeting regulatory checkboxes, and 1Kosmos has embedded privacy and security principles into every aspect of the platform’s architecture. The decision to pursue FedRAMP High from the outset reflects a commitment to protecting what 1Kosmos considers the highest-value data in existence: end-user personally identifiable information (PII).

1Kosmos, 1Kosmos Achieves FedRAMP High Authorization and Kantara Certification, blog, embedded image, 2025

Every piece of data within the 1Kosmos environment undergoes Federal Information Processing Standards (FIPS) 140-3 encryption both in transit and at rest. This is not merely a compliance requirement—it is a recognition that Government agencies entrust identity platforms with irreplaceable citizen information. The platform employs a unique double-encryption approach for digital wallets, where identity evidence receives initial encryption before being secured again within the user’s wallet, with encryption keys remaining under end-user control exclusively.

The platform operates on a privacy-first data retention philosophy. By default, the system processes identity data, stores only what is necessary for wallet creation and immediately deletes excess information. This approach ensures that data remains in the system only as long as operationally required, with automatic deletion on specified retention dates. The platform’s architecture makes it impossible for 1Kosmos or their customers to access end-user wallet data without explicit user consent, creating true user sovereignty over personal information.

What is More Valuable Than Identity?

The question of data value reveals why identity security demands such rigorous protection. In commercial contexts, student records command higher dark web prices than credit card or healthcare information due to the extended window before detection—students typically do not monitor credit for years after graduation. This extended vulnerability period makes educational identity data particularly attractive to cybercriminals and highlights why robust identity verification is essential across all Government sectors.

Government agencies face even higher stakes. Beyond financial fraud, identity compromise can affect national security, citizen services and public trust. The 1Kosmos platform addresses these concerns through continuous security monitoring and automated threat detection capabilities that immediately alert administrators to potential security issues. This proactive approach, combined with comprehensive logging and audit capabilities, ensures agencies maintain complete visibility into their identity security posture.

The platform’s global deployment success stories demonstrate scalability and reliability under real-world conditions. One global business process outsourcing company successfully transitioned half their worldwide user base to 1Kosmos authentication within just two months, showcasing the platform’s ability to handle massive-scale implementations without compromising security or performance.

Building the Future of Government Identity Security

As Government agencies accelerate digital transformation initiatives, the need for trustworthy, scalable identity solutions becomes increasingly critical. The 1Kosmos platform provides the security foundation necessary for agencies to confidently expand digital services while maintaining the highest protection standards for citizen data. With plans to extend certification to IL4 levels for defense customers, 1Kosmos continues pushing the boundaries of what is possible in Government identity security.

Learn more about how 1Kosmos can transform your agency’s identity security posture by exploring their comprehensive platform capabilities and certification achievements.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including 1Kosmos we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Becker’s Healthcare Online 2025: Top 5 Insights on Sustainability, Efficiency and Security in Patient Care 

Posted on by
Reply

At the 15th annual meeting of Becker’s Healthcare, providers and industry leaders gathered to discuss the latest in Health IT. Sessions explored intellectual capital, cybersecurity, logistics and technology, such as artificial intelligence (AI).  

Carahsoft and its partners, such as Oracle, Bamboo Health, Innovaccer, Laserfiche, Smart Communications, Wolters Kluwer and more, attended Becker’s to connect healthcare systems with the latest technology.  

Becker’s Healthcare conference featured five key themes for attendees to learn about. 

Expanding Patient Care Through Automation 

Speakers from Baptist Health discussed patient care amidst high demand in the session “Empowering Healthcare Teams: Baptist Health’s Journey to Efficiency.” As the Baptist Health Healthsystem began examining inpatient flows, they tracked all components of the patient’s experience. The influx of patients exposed existing weaknesses, such as fragmented operations, low visibility and discharging delays, resulting in lost revenue and overall inability to meet patient demand. In response, Baptist Health opened a command center to centralize its logistics, proactively taking steps to increase reliability and predictability. Viewing all components of a patient’s stay, from the moment patients entered to being fully discharged, as well as the time spent cleaning the room, enabled them to find and remove bottlenecks that prevented the efficient transfer of patients. Baptist Health also began automating workflows to expedite processes. Automated texts would be pushed to providers when patients were not moved, allowing providers to know where they were needed. These changes resulted in a 6% increase in overall admissions and a 50% increase in on time or early discharges by 11am, which helped free up beds, increasing overall capacity and revenue.  

Patient-Centered Sustainability 

In the session “The Future of Patient-Centered Care: Strategies for Sustainable Healthcare,” Fariha Siddiquie, the Director of Healthcare Services at The Kaleidoscope Group, emphasized that patients are the center of healthcare. When crafting a positive customer experience, healthcare systems should take a holistic approach to the patient’s journey. 

Healthcare systems can foster a positive experience by:  

  • Utilizing front desk staff to create positive experiences as soon as patients enter the facility 
  • Providing a comfortable experience in the waiting room 
  • Removing technical jargon to help patients and their support system understand billing, procedures and treatments 
  • Preventing and slowing the spread of diseases through community outreach 

Meeting patients and their support systems at their level contributes to patients feeling safe and welcome. While providers are not fully responsible for the experience a patient has at a healthcare center, they shoulder the most responsibility. Healthcare systems can help alleviate this responsibility by fostering a culture of empathy between employer and provider, which will ultimately extend to provider and patient. Focusing on the patient’s experience will ensure satisfaction in all aspects of patient care. 

To meet all of a patients’ needs, providers should consider how different backgrounds, such as geographical location and age, factor into care needs. With technology, certain features, such as specific fonts or options to connect to a help desk, boost accessibility. When these features are not included, the technology that already has been invested in will be ineffective. By committing to a strategic plan that impacts day-to-day workflow, healthcare systems can ensure a more welcoming, fostering environment for patients. 

Choosing the Right Technology for Your Healthcare Systems  

As IT expenses continuously grow, healthcare systems must consider which technology to prioritize. In the session “From Friction to Flow: Advocating for Smarter, Safer Healthcare Systems,” panelists discussed how healthcare systems must consider whether replacing existing technology with new ones is cost effective. Before purchasing, healthcare systems should consider how the technology will be incorporated into the workplace, and whether staff will need to be trained to use the new technology. Talking to front line caregivers and other staff can illuminate what solutions and tools are needed for daily operations. The technology with the best return on investment is that which alleviates monotonous administrative tasks and uplifts providers, who face potential burnout from the administrative tasks placed on top of their job. Once the technology is in place, healthcare systems should measure the outcomes of technology and gather and listen to feedback from end users. While technology helps processes, it cannot automatically solve problems. Rather, technology is best utilized when aiding providers and expediting work processes, allowing clinicians to focus on patient care. 

Preventing Data Breaches in Healthcare  

In the session “Doing the Inevitable: How Health Systems Are Stopping Data Breaches,” speakers from various institutions discussed the daily phishing breach attempts that healthcare systems face. Phishing attacks are insidious as they are impossible to fully prevent. Threat actors are getting more sophisticated with social engineering, using AI to impersonate leadership over the phone, or even on video calls. While security solutions, such as multi-factor authentication, are important to preventing breaches, there are use cases where they are not applicable- such as emergency situations in the operation room. 

Phishing breaches should be treated as a “when,” not an “if;” systems must proactively prepare for data breaches. Attacks can force an area or unit to go offline, so a response strategy can help operations continue smoothly. Trainings that simulate breaches can demonstrate to leaders the full complexity of these attacks and what is at risk. Even breaches for agencies that are indirectly exposed to your network can be a hazard. To prevent phishing breaches, everyone from providers to clinical leadership must be knowledgeable about mitigating attacks. 

Optimize Daily Operations with Artificial Intelligence  

In the session “AI in Healthcare: Big Ideas and Risks for the Next 5 Years,” speakers Dr. Chris Longhurst from UC San Diego Health, Dr. Mike Phepher from Stanford, the Chief Data Officer from CommonSpirit Health and Mohan, the Founder and CEO of LeanTaaS, discussed the variety of AI projects have been tested in healthcare systems to aid with operational processes. With the onboarding of secure AI portals, healthcare systems enable staff to experiment and learn how to use the new technology.  

They have found that AI can aid daily procedures in numerous areas, such as: 

Operational Tasks 

AI can help eliminate monotonous tasks that are not directly related to helping patients, such as with calls and removing duplicate insurance requests, empowering providers with more time with patients. 

Safety 

AI has helped predict which patients need palliation. This early identification has enabled symptom relief, disease prevention and reduced mortality rate. It has also democratized medical information, empowering patients and providers, as well as aided in eliminating misdiagnosis. 

Patient Empowerment 

AI has enabled patients to learn more about the care they receive. Tools such as language learning models (LLMs) have helped providers craft response letters to patients, and electronic health record (EHR) integration aids in provider-patient communication by making medical information more accessible to patients. 

When choosing the right AI platform for a healthcare system, the speakers recommend onboarding an AI model that is secure and sufficient for necessary procedures. A platform approach can help avoid siloing. Technology experts, such as VMWare, are constantly working to be at the forefront of AI initiatives and enablement, and Salesforce offers a variety of AI tools. Overall, AI can be used in many scenarios. Between aiding call centers and predicting illnesses, AI increases efficiency, optimizes processes and decreases costs. 

By maintaining security and investing in mission-supporting technologies, healthcare systems can support providers and offer the best care to patients. 

To learn more about technologies featured at Becker’s Healthcare Online, visit Carahsoft’s healthcare technology portfolio.